The intended check was to ensure system image won't be built as a
chained partition when using dynamic partitions. Because such an image
can't be verified by bootloader.
As it evolves, GSI system image has been built against the intended
check. Because GSI system image will be verified by first stage init in
userspace.
Bug: 80195851
Test: TreeHugger
Change-Id: I45b079799e5d7443e82d73d43e2b63c613f33165
Logic to create a seperate ODM NOTICE file for modules located at
TARGET_OUT_ODM.
Bug: 137542307
Test: Built an image with both a seperate ODM image and one where it is
built into vendor.img and ensured that a NOTICE.xml.gz was located at
/odm/etc and contained any license generated by ODM modules.
Change-Id: I9e6f46b1b94c5b6584c2a5810713fcf49f637d02
Tools/files added in this CL are necessary for mixing GSI with vendor
images from other product and for the GSI to run on the emulator.
Bug: 136786169
Test: $ lunch aosp_x86-userdebug
$ m -j updatepackage otatools-package emu_extra_imgs
$ cd $TMP_DIR
$ unzip $OUT/emu-extra-linux-system-images-eng.ycchen.zip
$ cd x86
$ unzip -n $OUT/aosp_x86-img-eng.ycchen.zip
$ unzip $OUT/otatools bin/mk_combined_img bin/sgdisk
$ unzip $OUT/otatools lib64/libc++.so lib64/libext2_uuid-host.so
$ cut -d/ -f5 system-qemu-config.txt > composit.txt
$ SGDISK=bin/sgdisk bin/mk_combined_img -i composit.txt -o system.img
$ cd ..
# Download sdk-repo-linux-emulator-*.zip from AB
$ unzip -l sdk-repo-linux-emulator-*.zip
$ ANDROID_PRODUCT_OUT=x86 ANDROID_BUILD_TOP=x86 emulator/emulator
Change-Id: Ibf88652eb4fb3244553062bbfb8bceac9a5cda47
The modules.softdep file is used to communicate soft dependencies
between modules and is supported by libmodprobe.
Bug: 130585369
Change-Id: I790ea872fde7fb0cb58e07277a32aa4688adcac6
To accommodate a future vendor ramdisk, recognize
BOARD_VENDOR_RAMDISK_KERNEL_MODULES and
BOARD_VENDOR_RAMDISK_KERNEL_MODULES_LOAD as a way to specify kernel
modules to be stored on the vendor ramdisk, and the optional override list of
kernel modules to be loaded by first stage init.
For now this will affect the modules loaded on the generic ramdisk,
but will provide a way for vendors to add support now and hopefully not
have to modify it later when the vendor ramdisk is created.
BOARD_RAMDISK_KERNEL_MODULES is renamed to
BOARD_GENERIC_RAMDISK_KERNEL_MODULES, which is not expected to be
modified by vendors.
Bug: 137297791
Change-Id: I05944e004ab5235172da3a15b8d1c6f4c4c021ce
When we build the system image separately from the vendor image, we need the
/vendor/odm link (if any) to be created in the vendor build, not the system
build. This change moves the create-vendor-odm-symlink function outside the
BUILDING_SYSTEM_IMAGE gaurd, and inside the BUILDING_VENDOR_IMAGE gaurd.
Bug: 136516335
Test: Build vendor image, verify that /vendor/odm -> /odm
Change-Id: I6edf5d6d1fa0b2f632f67113f69a49b43f719941
This CL changes the condition for building super_empty.img from
PRODUCT_BUILD_SUPER_PARTITION to PRODUCT_USE_DYNAMIC_PARTITIONS, as a
follow-up to the change in [1].
With the CL in [1], it skips building super.img and super_empty.img both
when turning off PRODUCT_BUILD_SUPER_PARTITION. However, the latter
should be mandatory whenever dynamic partitions is enabled. Because
fastboot relies on this file to properly flash dynamic partitions. Plus,
the cost for building super_empty.img is much lower than the one for
super.img.
As part of the change, it'll write group info into target_files when
building with PRODUCT_BUILD_SUPER_PARTITION == false. It's the work for
target_files merging script to determine the values to be picked up. The
current logic in merge_target_files.py always uses the one from vendor
target_files. This CL adds a testcase to ensure the behavior.
[1] https://android-review.googlesource.com/c/platform/build/+/928756
Bug: 135752763
Test: `m dist` with a target that sets PRODUCT_BUILD_SUPER_PARTITION to
false. Check the built artifacts contain super_empty.img. Verify
that the build can be flashed properly.
Change-Id: I277f087eab45663a6c3b33333d16e9e576c1c25c
Build support exists to copy a set of kernel modules to the recovery,
vendor, and odm images. Extend similar support for copying kernel
modules to the ramdisk via BOARD_RAMDISK_KERNEL_MODULES. If
BOARD_USES_RECOVERY_AS_BOOT, then BOARD_RAMDISK_KERNEL_MODULES is
added to the set of modules to be copied to recovery.
Libmodprobe now supports reading a list of kernel modules to be loaded.
Enable the creation of modules.load and modules.load.recovery files.
These files contain the contents of
BOARD_[RAMDISK|VENDOR|ODM|RECOVERY]_KERNEL_MODULES_LOAD, or if those
variables are not set, the contents of
BOARD_[RAMDISK|VENDOR|ODM|RECOVERY]_KERNEL_MODULES (indicating all
modules should be loaded by default). This allows for
optional customization of the set of modules to be loaded by
libmodprobe and the order they are loaded in.
Bug: 130585369
Change-Id: I9340787d31d71aebc8552344675d9696c189a8a1
Therefore, we can access the tool in tradefed test. And partners can also
run simulation without a git repo.
Bug: 131911365
Test: build otatools-package
Change-Id: Ibfeeab360517e129f47f18372bfa236b437bce9b
- `--block` has been a no-op since Oreo [1] -- ota_from_target_files
will always build block-based OTAs or A/B OTAs.
- MKBOOTIMG is no longer needed when calling ota_from_target_files, at
least for the callsite in Makefile. Because target_files.zip has been
including boot/recovery images since Lollipop [2].
This CL also switches to long options to improve readability.
[1] commit 457cbf6a8a
[2] commit 3c84f56948
Test: TreeHugger
Change-Id: I801bd0525d2529156bbf783698661d90ba24017a
lpunpack is needed to repackage super.img for mixed-image virtual devices.
For Cuttlefish, it's included in host package. We need to include it in
otatools.zip so Goldfish or other devices can use it to mix their super images.
Necessary SOs are the same as lpmake and have been included in otatools.zip.
Bug: 134461288
Test: $ lunch aosp_x86-userdebug
$ m otatools-package
$ unzip -l $OUT/ota* | grep lpunpack
467824 2008-01-01 00:00 bin/lpunpack
Change-Id: Ie2092f18afb88721b29b1738847a0b781dbcd431
The dependency on MAKE_EXT4FS (mke2fs) has been covered by the rule for
MKEXTUSERIMG (mkuserimg_mke2fs):
https://android.googlesource.com/platform/system/extras/+/refs/heads/master/ext4_utils/Android.bp
The dependency on mksquashfs and img2simg comes from mksquashfsimage.sh,
which has been moved into mksquashfsimage's building rule.
This CL also fixes the ordering of INTERNAL_USERIMAGES_BINARY_PATHS,
which should come after adding all the binaries to
INTERNAL_USERIMAGES_DEPS.
Test: TreeHugger
Change-Id: I8b30bf87860d9711e88eecca4b76db72f5cd8241
`PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH` will
produce a space separated string due to `foreach`, if
$(INTERNAL_USERIMAGES_BINARY_PATHS) has more than one string. We didn't
hit the issue in the past because $(INTERNAL_USERIMAGES_BINARY_PATHS)
had contained only one path in practice.
Test: TreeHugger
Change-Id: I74ef4356668af63d871a81f6bfd4c9324aa1d956
BOARD_PREBUILT_BOOTIMAGE is set.
Based on current Makefile INSTALLED_BOOTIMAGE_TARGET always kept as
empty if TARGET_NO_KERNEL is true, so build fails with empty out path.
This change is to set up INSTALLED_BOOTIMAGE_TARGET with
$(PRODUCT_OUT)/boot.img in case of TARGET_NO_KERNEL is true and
BOARD_PREBUILT_BOOTIMAGE is defined.
Bug: 135648566
Test: m -j passed
Change-Id: I9658f215c2e2cc5d87040d5085521ef44722c4ef
BOARD_SUPER_PARTITION_ERROR_LIMIT can be set by OEMs to cause a
build failure when the sum of sizes of logical partitions exceeds the same.
It is set to BOARD_SUPER_PARTITION_SIZE by default.
Bug: 133329143
Test: mmm -j32
Change-Id: Ief85c9ab3e3b9d071cd22b70e13b5c64bb784b9c
* changes:
Fix dependency on BOARD_AVB_SYSTEM_KEY_PATH
Fix some java library dependencies
Depend on NDK libraries
Call clean-path in more places
Add missing dependecy on SOONG_ZIP
Add dependencies on the toolchain (clang, etc)
These were found when trying to run remotely on RBE with only the
sources depended upon available for each rule.
Bug: 130111713
Test: treehugger
Change-Id: Id763f8fc7dfbe60445f98604db3422147165f537
BOARD_SUPER_PARTITION_WARN_LIMIT can be set by OEMs to print
a warning when the sum of sizes of logical partitions exceed the same.
It is set to 95% of BOARD_SUPER_PARTITION_SIZE by default.
Bug: 133329143
Test: mmm -j32
Change-Id: I7d3bedd970a92be60991898e436f63d914359301
We sometimes see build failures when building platform.zip happens
at the same time as building vendor.img if the vendor.img rule
runs rm -rf $OUT/vendor/lib/modules at the same time that platform.zip
is zipping $OUT/vendor/. Move the kernel modules into normal
installation rules so that they are in place by the time either
the vendor.img or platform.zip rules run.
This will also cause the kernel modules to show up in
installed-files*.txt.
Test: m vendorimage && ls $OUT/vendor/lib/modules
Change-Id: I178b1d54bfcdb5cf5c29885ace9183ac28fc8826
Include misc_info.txt (of CF's super.img) in *-img-*.zip.
This is needed if we want to rebuild super.img by replacing
some partitions in it.
Other tools, lpunpack and lpmake, are included in CF's
host package in another CL.
Bug: 134461288
Test: $ lunch aosp_cf_x86-userdebug
$ m dist
$ unzip -l $OUT/*-img-*.zip | grep misc_info
619 2019-05-27 17:42 misc_info.txt
Change-Id: Idf6146c2a7f9f32c9c4e5ddd2f6b9e65fc6bf55b
When using Verified Boot 2.0, releasetools specifies a salt value based
on build fingerprint, so that to give idempotent images.
However, the change that removed static `ro.build.fingerprint` [1] broke
the behavior, as common.LoadInfoDict still relies on fingerprints.
Without a fixed salt, the first call to make_recovery_patch.py and the
second one (which writes IMAGES/{boot,recovery}.img) will see different
images, which leads to install-recovery.sh failure.
Note that currently there's a dependency that requires getting bootable
images through two separate calls. make_recovery_patch.py has to happen
first to get (placeholder) files in the system image. We then generate
canned fs_config files, and finally use add_img_to_target_files.py to
write the images.
This CL adds a quick workaround to force rebuilding the
recovery-from-boot patch while calling add_img_to_target_files.py.
[1] https://android-review.googlesource.com/c/platform/build/+/892933
Bug: 134123803
Bug: 134525174
Test: TreeHugger
Test: Build a non-A/B target that uses AVB. Run validate_target_files.py
on the generated target_files.zip.
Change-Id: I5859e30be63bfd54398cf41fd2d907f15285f560
$(BUILD_NATIVE_TEST) will install a test binary into /testcases
regardless of is proprietary or not.
For now, since NOTICE.xml for a system partition depends on all modules in
/testcases, "m systemimage" may trigger "installing a proprietary test".
Modules in /testcase are not actually installed, so we can ignore them
when we make a notice file.
Bug: 133454731
Test: (internal) m systemimage, and see /vendor/lib if there are
unexpected files installed.
Change-Id: I54ee51a761049b8a5ce9e3369b30b7ade6344146
This enables mixed builds to use the file_contexts.bin from the system
build when regenerating images that come from system target files, and
similarly for file_contexts.bin from the other build when regenerating
images from other target files.
In monolithic (non-mixed) builds all image-specific selinux_fc props
point to the same file_contexts.
Bug: 132108151
Test: Built and booted mixed build devices.
Change-Id: Id51ed6d96ea6337879f1ab21d47c93c67bc25312
Since aosp/887473 removed ro.expect.recovery_id,
There is no usage of "RECOVERYIMAGE_ID_FILE" which points
$(PRODUCT_OUT)/recovery.id.
Test: m && boot
Change-Id: I704af874b7e4141d2e006595242f7b681aa47f05
In device root directory, we have the following symlinks:
- /odm/app -> /vendor/odm/app
- /odm/bin -> /vendor/odm/bin
- /odm/etc -> /vendor/odm/etc
...
This allows the Generic System Image (GSI) to be used on both devices:
1) Has a physical odm partition, where those symlink will be hidden
when /odm is used as the mount point
2) Has no physical odm partition and fallback to /vendor/odm/.
We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.
The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink:
- /odm/build.prop -> /vendor/odm/build.prop.
Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).
Bug: 132128501
Test: boot a device and checks /odm/etc/build.prop is loaded
Test: make dist with an odm.img, checks $OUT/odm/etc/build.prop is loaded
Change-Id: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
Merged-In: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
(cherry picked from commit 6c62884000)
In device root directory, we have the following symlinks:
- /odm/app -> /vendor/odm/app
- /odm/bin -> /vendor/odm/bin
- /odm/etc -> /vendor/odm/etc
...
This allows the Generic System Image (GSI) to be used on both devices:
1) Has a physical odm partition, where those symlink will be hidden
when /odm is used as the mount point
2) Has no physical odm partition and fallback to /vendor/odm/.
We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.
The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink:
- /odm/build.prop -> /vendor/odm/build.prop.
Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).
Bug: 132128501
Test: boot a device and checks /odm/etc/build.prop is loaded
Test: make dist with an odm.img, checks $OUT/odm/etc/build.prop is loaded
Change-Id: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
Merged-In: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
(cherry picked from commit 6c62884000)
The current solution expects BOARD_PREBUILT_DTBIMAGE_DIR to
contain prebuilt DTB files that are concatenated by the build system
to create $OUT/dtb.img. In order to accommodate devices that build
the dtb image locally, make boot.img creation depend on $OUT/dtb.img
only when BOARD_PREBUILT_DTBIMAGE_DIR is undefined.
Bug: 133161451
Test: Build with BOARD_PREBUILT_DTBIMAGE_DIR undefined and verify
using unpack_bootimg.py that $OUT/dtb.img was included in boot.img.
Change-Id: Iae2c634ccdc1d83589b26d382882f75fb8565a31
Bug: 131437873
Test: Built system-only and vendor builds for merge. Compared
resulting apkcertx and apexkeys text files to that of a monolithic
build,
Test: Created colliding entries in both apexkeys and apkcerts text
files and ensure the script exited with an appropriate error message.
Test: Created unit tests to cover both non-colliding and colliding
entries
Change-Id: I6e42ce682ffa9059344e8cd63ba3a720c1f93452
Phony rules with recipes run on every build, move the recipe for
check-all-partition-sizes to a rule with an output.
Fixes: 132900128
Test: m && m
Change-Id: I9b4d335bf269cd09a01094e895fc15053b410415
os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version. This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.
Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.
This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear for how os_version in non-system partition should be used.
We just add them for completeness here.
See more details in:
https://source.android.com/security/keystore/version-binding
Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
- Prop: com.android.build.boot.os_version -> '10'
- Prop: com.android.build.system.os_version -> '10'
- Prop: com.android.build.system.security_patch -> '2019-06-05'
- Prop: com.android.build.vendor.os_version -> '10'
- Prop: com.android.build.vendor.security_patch -> '2019-06-05'
- Prop: com.android.build.product.os_version -> '10'
- Prop: com.android.build.product.security_patch -> '2019-06-05'
Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
Merged-In: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
(cherry picked from commit 9b54801b58)
os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version. This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.
Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.
This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear for how os_version in non-system partition should be used.
We just add them for completeness here.
See more details in:
https://source.android.com/security/keystore/version-binding
Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
- Prop: com.android.build.boot.os_version -> '10'
- Prop: com.android.build.system.os_version -> '10'
- Prop: com.android.build.system.security_patch -> '2019-06-05'
- Prop: com.android.build.vendor.os_version -> '10'
- Prop: com.android.build.vendor.security_patch -> '2019-06-05'
- Prop: com.android.build.product.os_version -> '10'
- Prop: com.android.build.product.security_patch -> '2019-06-05'
Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
